diff --git a/content/nginx-one-console/changelog.md b/content/nginx-one-console/changelog.md index 64a2c4077c..9004e17be2 100644 --- a/content/nginx-one-console/changelog.md +++ b/content/nginx-one-console/changelog.md @@ -10,6 +10,16 @@ nollms: true Stay up-to-date with what's new and improved in the F5 NGINX One Console. +## July 16, 2026 + +### F5 WAF for NGINX: Built-In Log Profile Support + +You can now use built-in F5 WAF for NGINX log profiles as starting points when you create new log profiles. The configuration editor now supports autocomplete for built-in log profile names, making it easier to reference them in a configuration. + +### F5 WAF for NGINX: Log Profile Copy Support + +You can now copy log profiles from the log profile list. Use row actions to create a copy and extend an existing log profile without overwriting its content. + ## June 15, 2026 ### F5 WAF for NGINX: Updated policy version names diff --git a/content/nginx-one-console/waf-integration/log-profiles/configure-log-profiles.md b/content/nginx-one-console/waf-integration/log-profiles/configure-log-profiles.md index 88c24519c6..146ffa25b6 100644 --- a/content/nginx-one-console/waf-integration/log-profiles/configure-log-profiles.md +++ b/content/nginx-one-console/waf-integration/log-profiles/configure-log-profiles.md @@ -28,6 +28,7 @@ For detailed information about security logging capabilities and available log a From NGINX One Console, select **WAF** > **Log Profiles**. In the screen that appears, select **Add Log Profile**. This action opens a screen where you can: +- In **Start From**, select an F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles" >}}) as a starting point. - In **General Settings**, name and describe the log profile - Configure the filter settings to determine which requests are logged - Set the content format and options for how log messages are structured diff --git a/content/nginx-one-console/waf-integration/policy/configure-policy.md b/content/nginx-one-console/waf-integration/policy/configure-policy.md index c6830349be..d80859b686 100644 --- a/content/nginx-one-console/waf-integration/policy/configure-policy.md +++ b/content/nginx-one-console/waf-integration/policy/configure-policy.md @@ -22,6 +22,7 @@ If you already know F5 WAF for NGINX, you can go beyond the options available in From NGINX One Console, select **WAF > Policies**. In the screen that appears, select **Add Policy**. That action opens a screen where you can: +- Optionally, select an F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles>}} as a starting point. - In General Settings, name and describe the policy. - You can also set one of the following enforcement modes: - Transparent diff --git a/content/nim/waf-integration/policies-and-logs/log-profiles/deploy-log-profile.md b/content/nim/waf-integration/policies-and-logs/log-profiles/deploy-log-profile.md index 0cbd369d51..4c0b5f2129 100644 --- a/content/nim/waf-integration/policies-and-logs/log-profiles/deploy-log-profile.md +++ b/content/nim/waf-integration/policies-and-logs/log-profiles/deploy-log-profile.md @@ -47,7 +47,6 @@ Before you begin, make sure you have: 6. In the drop-down menu that appears, select the instance or instance group to deploy to. 7. Choose how to deploy the log profile: - - **Add a new log profile path**: Specify a new file path where the log profile bundle should be deployed. - **Update all log profiles**: Sync all log profiles on the target instance or instance group. This updates all existing log profiles by compiling their latest JSON contents into bundles and deploying them to all existing file paths. @@ -63,10 +62,13 @@ You can also deploy a log profile directly when editing the NGINX configuration 1. Select the **Configuration** tab, then select **Edit Configuration**. + {{< call-out class="note" >}} + You can also reference an F5 WAF for NGINX [default logging profile]({{< ref "/waf/logging/log-overview.md#default-logging-profile-bundles" >}}) by name. You don't need to deploy it first. + {{< /call-out >}} + 1. Select **Apply security** and select which log profile to deploy. 1. Copy the code snippet with the required directives and paste it into your NGINX configuration. The snippet includes: - - `app_protect_security_log_enable on` - `app_protect_security_log` with the log profile bundle path and destination @@ -77,7 +79,7 @@ You can also deploy a log profile directly when editing the NGINX configuration app_protect_security_log /etc/nginx/log-profile-bundle.tgz syslog:server=localhost:514; ``` -8. Select **Save**, then select **Publish**. +1. Select **Save**, then select **Publish**. --- @@ -86,7 +88,6 @@ You can also deploy a log profile directly when editing the NGINX configuration After deployment, verify that the log profile is active on the target instances or instance groups. 1. Confirm that the NGINX configuration includes the required directives: - - `app_protect_security_log_enable on` - `app_protect_security_log` with the correct log profile bundle path and destination @@ -106,4 +107,4 @@ For more information, see: - [Review log profiles]({{< ref "/nim/waf-integration/policies-and-logs/log-profiles/review-log-profile.md" >}}) - [Compile a security log profile]({{< ref "/nim/waf-integration/policies-and-logs/log-profiles/compile-log-profile.md" >}}) - [Security log directives]({{< ref "/waf/logging/security-logs.md#directives-in-nginxconf" >}}) -- [Security Logs]({{< ref "/waf/logging/security-logs.md" >}}) \ No newline at end of file +- [Security Logs]({{< ref "/waf/logging/security-logs.md" >}}) diff --git a/static/nginx-one-console/api/one.json b/static/nginx-one-console/api/one.json index 5fb30e1637..493c086c2e 100644 --- a/static/nginx-one-console/api/one.json +++ b/static/nginx-one-console/api/one.json @@ -4416,7 +4416,7 @@ "WAF Log Profiles" ], "summary": "List WAF log profiles", - "description": "Returns a list of WAF log profiles.", + "description": "Returns a list of WAF log profiles.\n\nBuilt-in log profiles are excluded by default. To include them, filter by `source` with value `built_in`. Built-in profiles are pre-installed in the WAF engine and do not need to be compiled or deployed.\n", "operationId": "listWafLogProfiles", "parameters": [ { @@ -10309,7 +10309,7 @@ } }, "example": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + "public_certs": "UkVEQUNURUQ=" } }, "CertificateRequest": { @@ -10332,7 +10332,7 @@ "example": { "name": "example-ca-bundle", "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==", + "public_certs": "UkVEQUNURUQ=", "private_key": "" } } @@ -10616,7 +10616,7 @@ } }, "example": { - "private_key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFM295ZHVlT0FOSkhodkwzeXZKZFRwaG9ldjVHTzdnbytCeVlPTy9sNTR1NU8yUHhNZVgrQWpBYjZBeG1xCmxpdkl1aHc9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" + "private_key": "UkVEQUNURUQ=" } }, "CertificateUpdateRequest": { @@ -10636,7 +10636,7 @@ "example": { "name": "example-cert-object", "content": { - "public_certs": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUUzb3lkdWVPQU5KSGh2TDN5dkpkVHBob2V2NUdPN2dvK0J5WU9PL2w1NHU1TzJQeE1lWCtBakFiNkF4bXEKbGl2SXVodz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" + "public_certs": "UkVEQUNURUQ=" } } }, @@ -13637,6 +13637,18 @@ "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" } }, + "TemplateSubmissionObjectID": { + "description": "A globally unique identifier for a template submission.", + "type": "string", + "format": "object_id", + "pattern": "^tmplsm_.*", + "x-go-type": "objects.ID", + "x-go-type-import": { + "name": "objects", + "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" + }, + "example": "tmplsm_frBobKIAQ_21grAwV83VYz" + }, "StagedConfigCertificateSummary": { "type": "object", "description": "Provides a summary of the current status of certificates used in NGINX configurations. It includes the total number of certificates, as well as the counts of expired certificates, those nearing expiration, valid certificates, certificates that are not found, and those that are not ready for use.", @@ -13702,6 +13714,10 @@ "format": "date-time", "description": "The date and time when the NGINX configuration object was last modified for the instance." }, + "template_submission_id": { + "description": "A globally unique identifier for the template submission associated with this staged config, if applicable.", + "$ref": "#/components/schemas/TemplateSubmissionObjectID" + }, "cert_summary": { "$ref": "#/components/schemas/StagedConfigCertificateSummary" } @@ -15590,6 +15606,7 @@ "name": "test-log-profiles", "object_id": "lp_XYxnZgVYQFKire4M1KcVVQ", "is_f5_default": false, + "source": "user_defined", "config": "eyJsb2dfc3RyZWFtIjogIntmb3JtYXQgY29tYmluZWQgZXg=", "deployments": [ { @@ -15635,6 +15652,7 @@ "name": "test-log-profiles", "object_id": "lp_XYxnZgVYQFKire4M1KcVVQ", "is_f5_default": false, + "source": "user_defined", "deployments": [ { "nap_release": "5.10.0", @@ -15656,6 +15674,7 @@ "object_id", "hash", "is_f5_default", + "source", "modified_at", "created_at" ], @@ -15672,7 +15691,18 @@ "description": "The hash value of the NGINX App Protect log profile configs." }, "is_f5_default": { - "$ref": "#/components/schemas/IsF5Default" + "type": "boolean", + "deprecated": true, + "description": "Indicates whether this is an F5 default object (true) or a user-defined object (false).\nDeprecated: Use the `source` field instead. This field will be removed after December 2026.\n" + }, + "source": { + "type": "string", + "description": "Classifies the source of the log profile.\n- `user_defined` — Created by a user. You can compile, deploy, modify, or delete these profiles.\n- `f5_default` — Provided by F5. You can compile and deploy these profiles, but you can't modify or delete them.\n- `built_in` — Included in the WAF engine. You can reference these profiles by name in the NGINX configuration. You can't compile, deploy, modify, or delete them. These profiles are excluded from list results unless you filter for `source=built_in`.\n", + "enum": [ + "user_defined", + "f5_default", + "built_in" + ] }, "description": { "description": "Optional field to describe the NGINX App Protect log profile.", @@ -16305,22 +16335,20 @@ }, "FilterNameNapLogProfile": { "type": "string", - "description": "Keywords for NGINX App Protect log profile filters.\n", + "description": "Keywords for NGINX App Protect log profile filters.\nWhen filtering on `source`, the following `filter_values` are supported: `user_defined`, `f5_default`, `built_in`.\nBuilt-in log profiles are excluded from all results unless `source=built_in` is explicitly specified.\n", "enum": [ "name", "object_id", - "deployment_status" + "deployment_status", + "source" ], "x-enum-varnames": [ "filter_name_nap_log_profile_name", "filter_name_nap_log_profile_object_id", - "filter_name_nap_log_profile_deployment_status" + "filter_name_nap_log_profile_deployment_status", + "filter_name_nap_log_profile_source" ] }, - "IsF5Default": { - "type": "boolean", - "description": "Indicates whether this is an F5 default object (true) or a user-defined object (false)." - }, "FilterNameNapLogProfileDeployment": { "type": "string", "description": "Keywords for NGINX App Protect log profile deployment filters.\nWhen filtering on `type`, only the following `filter_values` are supported:\n * instance\n * config_sync_group\nWhen filtering on `status`, only the following `filter_values` are supported:\n * deployed\n * deploying\n * failed\n", @@ -17413,18 +17441,6 @@ "error": "\"upstream\" directive is not allowed here in /etc/nginx/nginx.conf:1" } }, - "TemplateSubmissionObjectID": { - "description": "A globally unique identifier for a template submission.", - "type": "string", - "format": "object_id", - "pattern": "^tmplsm_.*", - "x-go-type": "objects.ID", - "x-go-type-import": { - "name": "objects", - "path": "gitlab.com/f5/nginx/one/saas/control-plane/pkg/collections/objects" - }, - "example": "tmplsm_frBobKIAQ_21grAwV83VYz" - }, "TemplateSubmissionListResponse": { "description": "List of template submissions.", "allOf": [ @@ -17705,6 +17721,10 @@ "filter_name_templates_is_f5_default" ] }, + "IsF5Default": { + "type": "boolean", + "description": "Indicates whether the object is an F5 default object (`true`) or a user-defined object (`false`)." + }, "FilterNameSubmissions": { "type": "string", "description": "Keywords for config template submissions filters.\n",